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Abstract. A new asymmetric cryptosystem based on the Integer Factoriza- 
tion Problem is proposed. It posses an encryption and decryption speed of 
0(n 2 ), thus making it the fastest asymmetric encryption scheme available. It 
has a simple mathematical structure. Thus, it would have low computational 
requirements and would enable communication devices with low computing 
power to deploy secure communication procedures efficiently. 



1. Introduction 

By textbook convention the discrete log problem (DLP) and the elliptic curve 
discrete log problem (ECDLP) has been the source of security for cryptographic 
schemes such as the Diffie Hellman key exchange (DHKE) procedure, El-Gamal 
cryptosystem and elliptic curve cryptosystem (ECC) respectively [2], [8]. As for 
the world renowned RSA cryptosystem, the inability to find the e-th root of the 
ciphertext C modulo N from the congruence relation C = M e (mod N) coupled 
with the inability to factor N = pq for large primes p and q is its fundamental 
source of security [11]. It has been suggested that the ECC is able to produce the 
same level of security as the RSA with shorter key length. Thus, ECC should be 
the preferred asymmetric cryptosystem when compared to RSA [16) . Hence, the 
notion "cryptographic efficiency" is conjured. That is, to produce an asymmetric 
cryptographic scheme that could produce security equivalent to a certain key length 
of the traditional RSA but utilizing shorter keys. However, in certain situations 
where a large block needs to be encrypted, RSA is the better option than ECC 
because ECC would need more computational effort to undergo such a task [13] . 
Thus, adding another characteristic toward the notion of "cryptographic efficiency" 
which is it must be less "computational intensive" and be able to transmit large 
blocks of data (when needed). In 1998 the cryptographic scheme known as NTRU 
was proposed with better "cryptographic efficiency" relative to RSA and ECC [5] 
[6] [7]. NTRU has a complexity order of 0(n 2 ) for both encryption and decryption 
as compared to DHKE, EL-Gammal, RSA and ECC (all have a complexity order 
of 0(n 3 )). As such, in order to design a state-of-the-art public key mechanism, the 
following are characteristics that must be "ideally" achieved (apart from other well 
known security issues): 

(1) Shorter key length. If possible shorter than ECC 160-bits. 
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(2) Speed. To have speed of complexity order 0(n 2 ) for both encryption and 
decryption. 

(3) Able to increase data set to be transmitted asymmetrically. That is, not to 
be restricted in size because of the mathematical structure. 

(4) Simple mathematical structure for easy implementation. 

In this paper, we produce a newly designed asymmetric cryptosystem based on 
the Integer Factorization Problem. The scheme does not require "expensive" opera- 
tions. It only requires multiplication and addition for encryption and for decryption 
it only utilizes multiplication together with a one time modular reduction. 

The layout of this paper is as follows. In Section 2, we dehne the Diophantine 
Equation Hard Problem (DEHP) which is the source of "mathematical hardness" 
integrated within the ciphertext equation. The new asymmetric cryptosystem will 
be detailed in Section 3. In Section 4, the authors detail the decryption process and 
provide a proof of correctness. An example will also be presented. Continuing in 
Section 5, we will discuss algebraic attacks. An analysis of lattice based attack will 
be given in Section 6. Section 7 will be about the underlying security principles of 
the AAp scheme. A table of comparison between the AAp scheme against RSA,ECC 
and NTRU is given in Section 8. Finally, we shall conclude in Section 9. 

2. The Diophantine Equation Hard Problem (DEHP) 
In this section we begin by producing a diophantine equation of the form 

C = Ax + By 

where (A,B,C) are known integers while (x, y) are unknown integers. Another 
condition is that gcd(A, B) = 1. We will observe the following 2 cases: 

2.1. Case 1. Let the public parameters (A, B) be of length n-bits and the secret 
parameters (x, y) also be of length n-bits. 

The general solution for (x, y) is given by 

• x = x + Bt 

• V = Vo - At 

Since the size if the unknown parameters (x, y) are n-bits, from the following in- 
equality 

2"- 1 -x 2™-l-x 
B < * < B 

and by the fact that 2 n_1 < B < 2™ — 1, the interval that the variable t belongs to 
is approximately given by 

2" 2™ 

~B > 2" - 1 ~ 

As a result an attacker could be able to determine the value of t and solve for the 
unknown pair (x, y) in polynomial time. 

2.2. Case 2. Let the public parameters (A,B) be of length n-bits and the secret 
parameters (x, y) be of length 2n-bits. The general solution for (x, y) is given by 

• x = xq + Bt 

• V = 2/o - At 
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Since the size if the unknown parameters (x, y) are 2n-bits, from the following 
inequality 

2 2 "- 1 - x 2 2 " - 1 - .Tp 

B < * < B 
and by the fact that 2™ _1 < B < 2™ — 1, the interval that the variable t belongs to 
is approximately given by 

o2n o2n 



As a result an attacker could not be able to determine the value of t and solve for 
the unknown pair (x, y) in polynomial time for sufficiently large n. 

2.3. Definition (DEHP). The Diophantinc Equation Hard Problem (DEHP) is 
the problem to determine the preferred solution set (x, y) from C — Ax + By where 
(A, B, C) in known and (x, y) is unknown. A correct implementation of DEHP will 
be executed as describe in Case 2 above. If the preferred solution set is obtained 
then the equation C is said to be pr /-solved. 

3. a new asymmetric algorithm based on integer factorization 

Problem 

Let us begin by stating that the communication process is between A (Along) 
and B (Busu), where Busu is sending information to Along after encrypting the 
plaintext with Along's public key. 

• Key Generation by Along 

INPUT: Generate a pair of random n-bit prime numbers p and q, an n-bit odd 
integer ki, k 2 = and a random 2n-bit integer u. Another condition is that 

p > 2"- 1 +2™- 2 . 

OUTPUT: The public key e x and e 2 where 

• e\ = u + p(ki + k 2 ) 

• e 2 = u - pk 2 

and the private key pair (p, d) where d = w _1 (mod p) and v = u(mod p). 

• Encryption by Busu 

INPUT: The public key (ei,e 2 ) and the message M where M is an n-bit in- 
teger within the interval (2™" 1 , 2™ - 1) and M < 2"" 1 + 2™~ 2 . As a result M < p. 
Compute a random 3n-bit integer X and compute Y = X — M. 

OUTPUT: The ciphertext C = Xei- Ye 2 . 

• Decryption by Along 

INPUT: The private key pair (p,d) and the ciphertext C. 
OUTPUT: The plaintext M. 

4. Decryption 



Proposition 4.1. Cd = M(mod p). 
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We now proceed to give a proof of correctness. 



Proof. Cd = X — Y = M(mod p). Observe that, modular reduction does not occur 
since M < p. □ 

4.1. Example. Let n = 16. Along will choose the primes p = 65287 and q = 40829. 
Then Along chooses the following private parameters: 

(1) fci =46381 

(2) fc 2 = -2776 

(3) u = 3096817651 

(4) d = 49913 

The public keys will be 

(1) ei = 5943657286 

(2) e 2 = 3278054363 

Busu's message will be M = 43963 with the following accompanying parameters 

(1) X = 281474976710656 

(2) Y = 281474976666693 

The ciphertext will be C = 750300520815394662808057. To decrypt is arbitrary. n 



5. Algebraic Attacks 

5.1. Computing with X. To find X = X + e 2 j, we should find an integer j such 
that 2 3 "- 1 < X < 2 3 " - 1. This gives 

2 3n-l _ Xq 2 3 " -1-X 

< 3 < • 

We know that 2 2 " -1 < e 2 < 2 2 ™ — 1. Then the difference between the upper and 
the lower bound is 

2 3 " - 1 -X 2 3 "- 1 - X _ 2 3 ™ 2 3 ™ _^ 2 „ 
~2 ~2 E2 2 2 " - 1 ~ 

Hence the difference is very large and finding the correct j is infeasible. 



Remark 5.1. If one attempts to compute with Y the above scenario when computing 
with X would appear. 

5.2. Euclidean division attack. From C = Xe\ — Fe 2 , the size of each public 
parameter within C ensures that Euclidean division attacks does not occur. This 
can be easily deduced as follows: 



(1) LlrJ^ 

(2) L£J / y 



A NEW EFFICIENT ASYMMETRIC CRYPTOSYSTEM BASED ON THE INTEGER FACTORIZATION PROBLEM 



6. Analysis on lattice based attack 

With reference to the AAp scheme in p] which has gone through square lattice 
attack, the ciphertext equation in this article is of the same structure. Recall that 
the the structure of the ciphertext AAp scheme is as follows: 

C = Ue A1 + V 2 e A2 

where both (U, V 2 ) are of size 4n-bits, while both {eAi,eAi) are of size 3n-bits. 
That is, the unknown parameters are larger by n-bits from the known parameters. 
It is by this fact that the square lattice attack as described in [T] failed upon the 
AAp scheme. 

Now, observe that the ciphertext in this article also has its unknown parameters 
to be larger by n-bits than the known parameters. It is arbitrary to replicate the 
empirical evidence by executing the LLL algorithm upon the scheme in this article 
to see that the square lattice attack will not succeed. 

7. Underlying security principles 

7.1. The public key Integer Factorization Problem. Observe that one can 
obtain ei — e 2 — pq. This is obviously the Integer Factorization Problem. 

7.2. The ciphertext DEHP. To find the preferred solution set (X,Y) such that 
C = Xe! - Ye 2 . 

8. Table of Comparison 

The following is a table of comparison between RSA, ECC, NTRU and the 
scheme in this article. Let \E\ denote public key size. 



Algorithm 


Encryption 
Speed 


Decryption 
Speed 


Ratio 
M : C 


Ratio 
M : \E\ 


RSA 


<3(n a ) 


0(n 3 ) 


1 : 1 


1 : 2 


ECC 


0(n 3 ) 


0(n a ) 


1 : 2 


1 : 2 


NTRU 


0{n 2 ) 


0{n z ) 


Varies [5] 


N/A 


Scheme in this paper 


0(n a ) 


0(n a ) 


1 : 5 


1 : 4 



Table 1. Comparison table for input block of length n 



9. Conclusion 

The asymmetric scheme presented in this paper provides a secure avenue for 
implementors who need encryption and decryption speed of complexity order 0(n 2 ). 
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